diff --git a/Cargo.lock b/Cargo.lock
index cae63529..afc01fba 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -194,7 +194,7 @@ dependencies = [
  "asn1-rs-derive",
  "asn1-rs-impl",
  "displaydoc",
- "nom",
+ "nom 7.1.3",
  "num-traits",
  "rusticata-macros",
  "thiserror 2.0.12",
@@ -599,7 +599,7 @@ version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
 dependencies = [
- "nom",
+ "nom 7.1.3",
 ]
 
 [[package]]
@@ -651,8 +651,6 @@ dependencies = [
 [[package]]
 name = "cipherstash-client"
 version = "0.20.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fe21509165da6daf50b84d4dc9bc46b558e5afb34db75dbd2371b963faabe4d"
 dependencies = [
  "aes-gcm-siv",
  "anyhow",
@@ -664,7 +662,7 @@ dependencies = [
  "blake3",
  "cfg-if",
  "chrono",
- "cipherstash-config",
+ "cipherstash-config 0.2.3",
  "cipherstash-core",
  "cllw-ore",
  "cts-common",
@@ -683,7 +681,7 @@ dependencies = [
  "percent-encoding",
  "rand 0.8.5",
  "rand_chacha 0.3.1",
- "recipher",
+ "recipher 0.1.3",
  "reqwest",
  "reqwest-middleware",
  "reqwest-retry",
@@ -708,6 +706,14 @@ dependencies = [
  "zerokms-protocol",
 ]
 
+[[package]]
+name = "cipherstash-config"
+version = "0.2.3"
+dependencies = [
+ "serde",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "cipherstash-config"
 version = "0.2.3"
@@ -721,8 +727,6 @@ dependencies = [
 [[package]]
 name = "cipherstash-core"
 version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd56dfac0a35146968ef6696fb822b22f70a664a8739874385876d5452844b7a"
 dependencies = [
  "hmac",
  "lazy_static",
@@ -742,7 +746,6 @@ dependencies = [
  "bytes",
  "chrono",
  "cipherstash-client",
- "cipherstash-config",
  "clap",
  "config",
  "eql-mapper",
@@ -757,7 +760,7 @@ dependencies = [
  "postgres-protocol",
  "postgres-types",
  "rand 0.9.0",
- "recipher",
+ "recipher 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "regex",
  "ring",
  "rust_decimal",
@@ -788,13 +791,13 @@ version = "0.1.0"
 dependencies = [
  "chrono",
  "cipherstash-client",
- "cipherstash-config",
+ "cipherstash-config 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "cipherstash-proxy",
  "clap",
  "fake 4.2.0",
  "hex",
  "rand 0.9.0",
- "recipher",
+ "recipher 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "rustls",
  "serde",
  "serde_json",
@@ -863,8 +866,6 @@ checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 [[package]]
 name = "cllw-ore"
 version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1b01c26e11101044f85802e31d842483ef983a890c03472d9489f6969cf865a"
 dependencies = [
  "bit-vec",
  "bitvec",
@@ -1023,8 +1024,6 @@ dependencies = [
 [[package]]
 name = "cts-common"
 version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "938da7d14d05c2769bf7ae33c5a395eb6a34ffdd25ec286e97702ae563314f9b"
 dependencies = [
  "arrayvec",
  "axum",
@@ -1033,6 +1032,7 @@ dependencies = [
  "fake 3.1.0",
  "http",
  "miette",
+ "nom 8.0.0",
  "rand 0.8.5",
  "regex",
  "serde",
@@ -1111,7 +1111,7 @@ checksum = "07da5016415d5a3c4dd39b11ed26f915f52fc4e0dc197d87908bc916e51bc1a6"
 dependencies = [
  "asn1-rs",
  "displaydoc",
- "nom",
+ "nom 7.1.3",
  "num-bigint",
  "num-traits",
  "rusticata-macros",
@@ -2354,6 +2354,15 @@ dependencies = [
  "minimal-lexical",
 ]
 
+[[package]]
+name = "nom"
+version = "8.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "nu-ansi-term"
 version = "0.46.0"
@@ -2955,6 +2964,25 @@ dependencies = [
  "bitflags 2.9.0",
 ]
 
+[[package]]
+name = "recipher"
+version = "0.1.3"
+dependencies = [
+ "aes",
+ "async-trait",
+ "cmac",
+ "hex",
+ "hex-literal",
+ "opaque-debug",
+ "rand 0.8.5",
+ "rand_chacha 0.3.1",
+ "serde",
+ "serde_cbor",
+ "sha2",
+ "thiserror 1.0.69",
+ "zeroize",
+]
+
 [[package]]
 name = "recipher"
 version = "0.1.3"
@@ -3256,7 +3284,7 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632"
 dependencies = [
- "nom",
+ "nom 7.1.3",
 ]
 
 [[package]]
@@ -4911,7 +4939,7 @@ dependencies = [
  "data-encoding",
  "der-parser",
  "lazy_static",
- "nom",
+ "nom 7.1.3",
  "oid-registry",
  "rusticata-macros",
  "thiserror 2.0.12",
@@ -5032,12 +5060,10 @@ dependencies = [
 [[package]]
 name = "zerokms-protocol"
 version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01a9d0d8103cfa862b451f2c35144301df25a233f7fae041666b890a1578c3b1"
 dependencies = [
  "async-trait",
  "base64",
- "cipherstash-config",
+ "cipherstash-config 0.2.3",
  "fake 2.10.0",
  "opaque-debug",
  "rand 0.8.5",
diff --git a/packages/cipherstash-proxy/Cargo.toml b/packages/cipherstash-proxy/Cargo.toml
index 7ee18238..957f3a1b 100644
--- a/packages/cipherstash-proxy/Cargo.toml
+++ b/packages/cipherstash-proxy/Cargo.toml
@@ -9,7 +9,6 @@ arc-swap = "1.7.1"
 bytes = { version = "1.9", default-features = false }
 chrono = { version = "0.4.39", features = ["clock"] }
 cipherstash-client = { version = "0.20.0", features = ["tokio"] }
-cipherstash-config = "0.2.3"
 clap = { version = "4.5.31", features = ["derive", "env"] }
 config = { version = "0.15", features = [
     "async",
diff --git a/packages/cipherstash-proxy/src/encrypt/config/encrypt_config.rs b/packages/cipherstash-proxy/src/encrypt/config/encrypt_config.rs
index c9bf5101..730e678e 100644
--- a/packages/cipherstash-proxy/src/encrypt/config/encrypt_config.rs
+++ b/packages/cipherstash-proxy/src/encrypt/config/encrypt_config.rs
@@ -3,7 +3,7 @@ use crate::{
     error::{ConfigError, Error},
     log::KEYSET,
 };
-use cipherstash_config::{
+use cipherstash_client::schema::{
     column::{Index, IndexType, TokenFilter, Tokenizer},
     ColumnConfig, ColumnType,
 };
diff --git a/packages/cipherstash-proxy/src/encrypt/config/manager.rs b/packages/cipherstash-proxy/src/encrypt/config/manager.rs
index df23d8ab..50c4296d 100644
--- a/packages/cipherstash-proxy/src/encrypt/config/manager.rs
+++ b/packages/cipherstash-proxy/src/encrypt/config/manager.rs
@@ -7,7 +7,7 @@ use crate::{
     log::ENCRYPT_CONFIG,
 };
 use arc_swap::ArcSwap;
-use cipherstash_config::ColumnConfig;
+use cipherstash_client::schema::ColumnConfig;
 use serde_json::Value;
 use std::{collections::HashMap, sync::Arc, time::Duration};
 use tokio::{task::JoinHandle, time};
diff --git a/packages/cipherstash-proxy/src/encrypt/mod.rs b/packages/cipherstash-proxy/src/encrypt/mod.rs
index fca8efd1..681e4b78 100644
--- a/packages/cipherstash-proxy/src/encrypt/mod.rs
+++ b/packages/cipherstash-proxy/src/encrypt/mod.rs
@@ -17,9 +17,9 @@ use cipherstash_client::{
         self, Encrypted, EncryptedEntry, EncryptedSteVecTerm, IndexTerm, Plaintext,
         PlaintextTarget, ReferencedPendingPipeline,
     },
+    schema::ColumnConfig,
     ConsoleConfig, CtsConfig, ZeroKMSConfig,
 };
-use cipherstash_config::ColumnConfig;
 use config::EncryptConfigManager;
 use schema::SchemaManager;
 use std::{sync::Arc, vec};
@@ -201,7 +201,14 @@ async fn init_cipher(config: &TandemConfig) -> Result<ScopedCipher, Error> {
     // Not using with_env because the proxy config should take precedence
     let builder = ZeroKMSConfig::builder()
         .add_source(EnvSource::default())
-        .workspace_id(&config.auth.workspace_id)
+        .workspace_id(
+            config
+                .auth
+                .workspace_id
+                .to_owned()
+                .try_into()
+                .map_err(cipherstash_client::config::ConfigError::from)?,
+        )
         .access_key(&config.auth.client_access_key)
         .try_with_client_id(&config.encrypt.client_id)?
         .try_with_client_key(&config.encrypt.client_key)?
diff --git a/packages/cipherstash-proxy/src/error.rs b/packages/cipherstash-proxy/src/error.rs
index a37e7413..d0499f11 100644
--- a/packages/cipherstash-proxy/src/error.rs
+++ b/packages/cipherstash-proxy/src/error.rs
@@ -104,7 +104,7 @@ pub enum ConfigError {
     Certificate(#[from] rustls_pki_types::pem::Error),
 
     #[error(transparent)]
-    EncryptConfig(#[from] cipherstash_config::errors::ConfigError),
+    EncryptConfig(#[from] cipherstash_client::config::errors::ConfigError),
 
     #[error(transparent)]
     Database(#[from] tokio_postgres::Error),
@@ -285,12 +285,6 @@ impl From<config::ConfigError> for Error {
     }
 }
 
-impl From<cipherstash_config::errors::ConfigError> for Error {
-    fn from(e: cipherstash_config::errors::ConfigError) -> Self {
-        Error::Config(e.into())
-    }
-}
-
 impl From<cipherstash_client::encryption::TypeParseError> for Error {
     fn from(e: cipherstash_client::encryption::TypeParseError) -> Self {
         Error::Encrypt(e.into())
diff --git a/packages/cipherstash-proxy/src/postgresql/context/column.rs b/packages/cipherstash-proxy/src/postgresql/context/column.rs
index 41f45e8b..20155ca8 100644
--- a/packages/cipherstash-proxy/src/postgresql/context/column.rs
+++ b/packages/cipherstash-proxy/src/postgresql/context/column.rs
@@ -1,4 +1,4 @@
-use cipherstash_config::{ColumnConfig, ColumnType};
+use cipherstash_client::schema::{ColumnConfig, ColumnType};
 use postgres_types::Type;
 
 use crate::Identifier;
diff --git a/packages/cipherstash-proxy/src/postgresql/data/from_sql.rs b/packages/cipherstash-proxy/src/postgresql/data/from_sql.rs
index 24daad7d..7850741f 100644
--- a/packages/cipherstash-proxy/src/postgresql/data/from_sql.rs
+++ b/packages/cipherstash-proxy/src/postgresql/data/from_sql.rs
@@ -6,8 +6,7 @@ use crate::{
 use bigdecimal::BigDecimal;
 use bytes::BytesMut;
 use chrono::NaiveDate;
-use cipherstash_client::encryption::Plaintext;
-use cipherstash_config::ColumnType;
+use cipherstash_client::{encryption::Plaintext, schema::ColumnType};
 use postgres_types::FromSql;
 use postgres_types::Type;
 use rust_decimal::Decimal;
@@ -342,8 +341,10 @@ mod tests {
     };
     use bytes::{BufMut, BytesMut};
     use chrono::NaiveDate;
-    use cipherstash_client::encryption::Plaintext;
-    use cipherstash_config::{ColumnConfig, ColumnMode, ColumnType};
+    use cipherstash_client::{
+        encryption::Plaintext,
+        schema::{ColumnConfig, ColumnMode, ColumnType},
+    };
     use postgres_types::{ToSql, Type};
 
     fn to_message(s: &[u8]) -> BytesMut {
diff --git a/packages/cipherstash-proxy/src/postgresql/messages/parse.rs b/packages/cipherstash-proxy/src/postgresql/messages/parse.rs
index a2c30f5c..cc49f6e9 100644
--- a/packages/cipherstash-proxy/src/postgresql/messages/parse.rs
+++ b/packages/cipherstash-proxy/src/postgresql/messages/parse.rs
@@ -123,7 +123,7 @@ mod tests {
         Identifier,
     };
     use bytes::BytesMut;
-    use cipherstash_config::{ColumnConfig, ColumnType};
+    use cipherstash_client::schema::{ColumnConfig, ColumnType};
 
     fn to_message(s: &[u8]) -> BytesMut {
         BytesMut::from(s)